Protection policy and the processing of personal data

Personal data processing policy

Approved by Order No. 3107 of 31.07.2017.
General Director of "Moscow eye clinic"

PROTECTION POLICY AND THE PROCESSING OF PERSONAL DATA
LLC "MOSCOW EYE CLINIC"
1. General provisions
1.1. This Policy regarding the processing of personal data (hereinafter – the Policy) is drawn up in accordance with the Federal law "On personal data" № 152-FZ of July 27, 2006, as well as other normative legal acts of the Russian Federation in the field of protection and processing of personal data, and applies to all personal data (hereinafter – the data) that the Organization (hereinafter – the Operator, the Company) can receive from a subject of personal data who is a party to a civil law agreement, or from an Internet user (hereinafter – the User) while using any of the sites, services, programs or products of Moscow eye clinic LLC.
1.2. The operator protects the processed personal data from unauthorized access and disclosure, misuse or loss in accordance with the requirements of the Federal law of July 27, 2006 № 152-FZ "On personal data".
1.3. The Operator has the right to make changes to this Policy. When changes are made, the Policy title indicates the date of the last revision. The new version of the Policy shall enter into force upon its posting on the website, unless otherwise provided by the new version of the Policy.
1.4. This Policy does not apply to third-party sites that the User can reach via links available on the Site; the Operator does not control and is not responsible for such sites. On such sites, other personal data may be collected or requested from the User, and other actions may be taken.
1.5. This Policy is a public document that declares the conceptual basis of the Operator's activities in the processing of personal data.
1.6. Information about the Operator: limited liability company "Moscow eye clinic", INN 7704768345, OGRN 1107746889172, address of the place of activity: 107023, Semenovskiy pereulok, d. 11, phone: +7 (499) 322-36-36
1.7. The user's use of the website of the Organization means acceptance of this Policy of protection and processing of personal data of the User.
1.8. In case of disagreement with the terms of the Policy, the User must stop using the website of the Organization.
2. Terms and abbreviations used
Personal data – any information relating directly or indirectly to a specific or identifiable natural person (subject of personal data).
Processing of personal data – any action (operation) or a set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
Automated processing of personal data – processing of personal data using computer technology.
Information system of personal data (ISPD) – a set of personal data contained in databases, together with the information technologies and technical means that ensure their processing.
Personal data made publicly available by the subject of personal data – personal data to which access by an unlimited number of persons is provided by the subject of personal data or at his request.
Blocking of personal data – temporary termination of processing of personal data (except in cases when processing is necessary to clarify personal data).
"IP address" is a unique network address of a node in a computer network built on the IP Protocol.
Destruction of personal data – actions as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which material carriers of personal data are destroyed.
Operator – an organization, independently or jointly with other persons organizing the processing of personal data, as well as determining the purpose of processing of personal data to be processed, actions (operations) performed with personal data. The operator is LLC Moscow eye clinic located at the address: 107023, Moscow, Semenovsky lane, 11.

3. Personal data processing

3.1. Obtaining personal data.

3.1.1. Personal data allowed for processing under this privacy Policy are provided by the User by filling in the registration form on the operator's Website.
3.1.2. The operator shall inform the subject of the purposes, intended sources and methods of obtaining personal data, the nature of the personal data to be obtained, the list of actions with personal data, the period during which the consent is valid, and the procedure for its withdrawal, as well as the consequences of the refusal of the subject to give written consent to
3.1.3. Documents containing personal data are created by:
– copying of original documents (passport, etc.);
– entering information into accounting forms;
– obtaining the originals of the necessary documents (employment record, medical report, characteristics, etc.).
3.2. Personal data processing.
3.2.1. Principles and conditions of personal data processing:
3.2.2. The processing of personal data must be legal and fair.
3.2.3. The processing of personal data shall be limited to the achievement of specific, predetermined and lawful purposes.
3.2.4. It is not allowed to combine databases containing personal data, the processing of which is carried out for purposes incompatible with each other.
3.2.5. Only personal data that meet the purposes of their processing are subject to processing.
3.2.6. The content and volume of the personal data processed must correspond to the stated purposes of processing.
3.2.7. When processing personal data, the accuracy of personal data, their sufficiency, and, where necessary, relevance in relation to the purposes of processing personal data shall be ensured.
3.3. Processing of personal data is carried out:
– with the consent of the personal data subject to the processing of his personal data;
– in cases where the processing of personal data is necessary for the implementation and performance of the functions, powers and duties assigned by the legislation of the Russian Federation;
– in cases where the personal data being processed are data to which access by an unlimited number of persons is provided by the subject of personal data or at his request (hereinafter – personal data made publicly available by the subject of personal data).
3.3.1. Purposes of personal data processing:
– implementation of civil law relations;
– to communicate with the user, in connection with filling out the feedback form on the site, including sending notifications, requests and information relating to the use of the company's website, processing, coordination of the time of reception, types of services, execution of agreements and contracts;
– processing of personal data is necessary to exercise the rights and legitimate interests of the Operator or third parties or to achieve socially significant goals, provided that the rights and freedoms of the personal data subject are not violated;
– for medical and preventive purposes, for the purpose of establishing a medical diagnosis and providing medical and medical-social services, provided that the processing of personal data is performed by a person who is professionally engaged in medical activity and is obliged under the legislation of the Russian Federation to maintain medical secrecy;
– identification of the User and/or his representative;
– informing about the operator and (or) third parties in whose interests the Operator acts, advertising and (or) marketing campaigns, surveys, questionnaires, marketing research in relation to the services provided by the Operator and/or persons in whose interests the Operator acts.
– communication with the User, if necessary, including sending notifications, requests and information related to the use of the Site, the provision of services, as well as processing requests and applications from the User;
– improving the quality of services, ease of use, development of new services;
3.3.2. The operator does not verify the accuracy of personal data provided by Users and does not exercise control over their legal capacity. However, the Operator assumes that the User provides reliable and

3.3.3. Categories of personal data subjects.
Personal data of the following personal data subjects are processed:
– individuals who are in civil law relations with the Company;
– individuals who are users of the Company's Website;
– individuals to whom medical services are provided and their legal representatives;
– individuals who have applied to the Operator with complaints, applications and appeals.
3.3.4. Personal data processed by the Operator:
– data obtained in the implementation of civil law relations;
– data received from Users of the Organization.
3.3.5. Processing of personal data is carried out:
– using automation tools;
– without the use of automation.
3.3.6. The Operator does not perform cross-border transfer of personal data (transfer to the territory of a foreign state, to an authority of a foreign state, to a foreign individual or to a foreign legal entity).
3.4. Storage of personal data.
3.4.1. Subjects' personal data may be obtained, further processed and transferred to storage both on paper and electronically.
3.4.2. Personal data recorded on paper are stored in locked cabinets or in locked rooms with limited access rights.
3.4.3. Personal data of subjects processed using automation tools for different purposes are stored in different folders.
3.4.4. It is not allowed to store and place documents containing personal data in open electronic directories (file sharing) in the ISPD.
3.4.5. Personal data are stored in a form that allows the subject of personal data to be identified for no longer than the purposes of their processing require, and they are subject to destruction once the purposes of processing have been achieved or when there is no longer a need to achieve them.
3.5. Destruction of personal data.
3.5.1. Personal data on electronic media is destroyed by erasing or formatting the media.
3.5.2. The fact of destruction of personal data is documented by the act of destruction of media.
3.6. Transfer of personal data.
3.6.1. The operator transfers personal data to third parties in the following cases:
– the subject has consented to such action;
– the transfer is provided for by Russian or other applicable law within the procedure established by law.
3.6.2. List of persons to whom personal data is transferred.
– insurance medical organizations on voluntary medical insurance (legally);
– employees of the company for the consideration of the medical condition of the user of the Website;
– bodies of the Ministry of Internal Affairs of Russia in the cases established by the legislation.

4. Personal data protection
4.1. In accordance with the requirements of regulatory documents, the Operator has created a system of personal data protection (SZPD), consisting of subsystems of legal, organizational and technical protection.
4.2. The subsystem of legal protection is a set of legal, organizational, administrative and regulatory documents that ensure the creation, operation and improvement of the SZPD.
4.3. The subsystem of organizational protection includes the organization of the SZPD management structure, the authorization system, and the protection of information when working with employees, partners and third parties.
4.4. The subsystem of technical protection includes a set of technical, software, and combined software and hardware tools that provide protection of personal data.
4.5. The main measures of personal data protection used by the Operator are:
4.5.1. Appointment of a person responsible for the processing of personal data, who organizes personal data processing, training and instruction, and internal control over compliance with the requirements for the protection of personal data by the institution and its employees.
4.5.2. Identification of current threats to the security of personal data during their processing in the ISPD and the development of measures for the protection of personal data.
4.5.3. Development of a policy regarding the processing of personal data.
4.5.4. Establishing rules of access to personal data processed in the ISPD, as well as ensuring the registration and accounting of all actions performed with personal data in the ISPD.
4.5.5. Establishment of individual passwords for employees' access to the information system in accordance with their work responsibilities.
4.5.6. Certified antivirus software with regularly updated databases.
4.5.7. Compliance with the conditions that ensure the safety of personal data and exclude unauthorized access to them.
4.5.8. Detection of unauthorized access to personal data and taking measures.
4.5.9. Recovery of personal data modified or destroyed as a result of unauthorized access to them.
4.5.10. Training of the Operator's employees directly engaged in the processing of personal data in the provisions of the legislation of the Russian Federation on personal data, including the requirements for the protection of personal data, the documents defining the Operator's policy regarding the processing of personal data, and local acts on the processing of personal data.
4.5.11. Implementation of internal control and audit.
5. Basic rights of the personal data subject and obligations of the Operator
5.1. Basic rights of the personal data subject.
The subject has the right to access his / her personal data and the following information:
– confirmation of personal data processing by the Operator;
– legal grounds and purposes of personal data processing;
– purposes and methods of personal data processing used by the Operator;
– the name and location of the Operator, information about persons (except for the operator's employees) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the Operator or on the basis of Federal law;
– terms of processing of personal data, including the terms of their storage;
– the procedure for the exercise by the personal data subject of the rights provided for by the Federal law;
– name or surname, name, patronymic and address of the person processing personal data on behalf of the Operator, if the processing is or will be entrusted to such person;
– appeal to the Operator and sending him requests;
– appeal against the actions or omissions of the Operator.
5.2. Responsibilities of the Operator.
The Operator must:
– when collecting personal data, provide information about the processing of personal data;
– if personal data were not received from the subject of personal data, notify the subject;
– in case of refusal to provide personal data to the subject, explain the consequences of such refusal;
– publish or otherwise provide unrestricted access to the document defining its policy regarding the processing of personal data, to information on the requirements for the pro

– take the necessary legal, organizational and technical measures or ensure their adoption to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as other illegal actions in relation to personal data;
– respond to requests and appeals of personal data subjects, their representatives and the authorized body for the protection of the rights of personal data subjects.
6. Contact information
6.1. E-mail for applications related to the processing of personal data in "Moscow eye clinic": pdn@mgkl.ru